From f21f6f39a13d52014400f6f71290279f3a6fbb05 Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Thu, 11 May 2017 10:42:15 +0100
Subject: [PATCH] pub/bbs-gen.c, pub/rsa-gen.c: Remove the lower-bounding on q.

It's unnecessary.  It was a bad idea because it biases q quite heavily,
but now `strongprime' generates primes in the right interval so that
getting the right bit length isn't a problem.
---
 pub/bbs-gen.c | 6 +-----
 pub/rsa-gen.c | 6 ------
 2 files changed, 1 insertion(+), 11 deletions(-)

diff --git a/pub/bbs-gen.c b/pub/bbs-gen.c
index fcba8288..6ec65e2d 100644
--- a/pub/bbs-gen.c
+++ b/pub/bbs-gen.c
@@ -65,7 +65,7 @@ int bbs_gen(bbs_priv *bp, unsigned nbits, grand *r, unsigned n,
   pgen_jumpctx j;
   pgen_gcdstepctx g;
   unsigned nb = nbits/2;
-  mp *x = MP_NEWSEC, *t = MP_NEW;
+  mp *x = MP_NEWSEC;
 
   /* --- Generate @p@ --- */
 
@@ -88,15 +88,11 @@ int bbs_gen(bbs_priv *bp, unsigned nbits, grand *r, unsigned n,
   g.r = mp_lsr(MP_NEW, bp->p, 1);
   g.g = MP_NEW;
   g.max = MP_ONE;
-  t = mp_lsl(t, MP_ONE, nbits - 1);
-  mp_div(&t, 0, t, bp->p);
-  if (MP_CMP(x, <, t)) x = mp_leastcongruent(x, t, x, g.jp.m);
   bp->q = pgen("q", MP_NEWSEC, x, event, ectx, n, pgen_gcdstep, &g,
               rabin_iters(nb), pgen_test, &rb);
   pfilt_destroy(&g.jp);
   mp_drop(g.r);
   mp_drop(g.g);
-  mp_drop(t);
   if (!bp->q) goto fail_q;
 
   /* --- Compute @n@ --- */
diff --git a/pub/rsa-gen.c b/pub/rsa-gen.c
index de97644c..3b5334b8 100644
--- a/pub/rsa-gen.c
+++ b/pub/rsa-gen.c
@@ -84,17 +84,11 @@ int rsa_gen(rsa_priv *rp, unsigned nbits, grand *r, unsigned n,
   {
     mp *q;
-    mp *t = MP_NEW, *u = MP_NEW;
     rabin rb;
 
     if ((q = strongprime_setup("q", MP_NEWSEC, &g.jp,
                               nbits / 2, r, n, event, ectx)) == 0)
       goto fail_q;
-    t = mp_lsl(t, MP_ONE, nbits - 1);
-    mp_div(&t, &u, t, rp->p);
-    if (!MP_ZEROP(u)) t = mp_add(t, t, MP_ONE);
-    if (MP_CMP(q, <, t)) q = mp_leastcongruent(q, t, q, g.jp.m);
-    mp_drop(t);
     g.r = mp_lsr(MP_NEW, rp->p, 1);
     g.g = MP_NEW;
-- 
2.11.0